On Wed, Nov 08, 2006 at 02:46:35PM -0500, Daniel Ouellet wrote:
>
> So, I see absolutely nothing wrong with this, but only huge benefit.

with the "not" wildcard stuff, it seems like that would perhaps be
a bit heavier to implement than the "definitely is" matching.
grep vs. egrep, only for spamd itself...
it'd have to take all the "not" stuff you do and handle that gracefully.

think of pf for a second... if you said

    block drop from !$host_one to any
    block drop from !$host_two to any
    block drop from !$host_three to any

that would screw anything that isn't destined to $host_three, or if you
are a first-match pirate and decide to "quick" everything, anything that's
not $host_one. wouldn't do what you want. granted, you could put them
all in a table and then

    block drop from !<table_of_hosts> to any

but that only works because pf has that logic implemented. spamd is a
different critter, and if it isn't *trivial* to implement that kind of thing,
*my* vote is for a shared database structure to be what receives development
effort as opposed to a wildcard greytrap subsystem.

in the meantime, have you considered handling this yourself and just using
the maillog to your advantage? for example, you can grep maillog looking
for loglines referencing invalid users /for your local domains/.
i'm using the following to add bullshit addresses to the greytrap, probably
could kill the 'zegrep' vs. 'egrep' stuff because it looks like zegrep
gracefully handles non gzipped stuff, but whatever.
i don't paste this because i say "copy and paste this and use it",
but rather, check this out for an idea and do it in your own way.
-------------------------------
#!/bin/sh
# with -n, only echo the spamdb commands instead of running them
[ "${1}X" = "-nX" ] && DEBUG=/bin/echo

# hard-list total bullshit addresses at the top here,
# the rest will be picked up from current and last maillog
ADDRS=""
ADDRS="$ADDRS [EMAIL PROTECTED]"
ADDRS="$ADDRS [EMAIL PROTECTED]"

# last (rotated, gzipped) maillog: field 7 is the "<addr>..." token
[ -r /var/log/maillog.0.gz ] && ADDRS="$ADDRS $(
    zegrep "(ice-nine\.org|nodeless\.net)>... User unknown$" \
        /var/log/maillog.0.gz \
    | awk '{ print $7 }' \
    | sed -ne 's/[<>]//g' -e 's/\.\.\.$//' -ep \
    | sort -u
)"

# current maillog, same extraction
[ -r /var/log/maillog ] && ADDRS="$ADDRS $(
    egrep "(ice-nine\.org|nodeless\.net)>... User unknown$" \
        /var/log/maillog \
    | awk '{ print $7 }' \
    | sed -ne 's/[<>]//g' -e 's/\.\.\.$//' -ep \
    | sort -u
)"

# cut out duplicates from the two log snarfs above
if [ -n "${ADDRS}" ]; then
    ADDRS=$(echo "${ADDRS}" | xargs -rn1 | sort -u)
fi

# out with the old: delete every SPAMTRAP entry currently in spamdb
for i in $(spamdb | sed -ne '/^SPAMTRAP|<\(.*\)>/s//\1/p'); do
    ${DEBUG} spamdb -Td "<${i}>"
done

# in with the new: add each harvested address as a greytrap
for i in ${ADDRS}; do
    ${DEBUG} spamdb -Ta "<${i}>"
done
-------------------------------
--
jared
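
An added example, not part of the original post and not jared's code: the same maillog harvest, written so the logged recipient is treated as untrusted input, since the remote sender chooses that string and the script above passes it through an unquoted `for` loop. The function names are hypothetical, the log lines are constructed, and the line layout is assumed to be the "<addr>... User unknown" form that the script's pattern matches.

```shell
#!/bin/sh
# Added example: harvest greytrap candidates from "User unknown" log lines,
# keeping only addresses that pass a conservative allowlist.

# Constructed sample log lines; host, queue IDs and addresses are made up.
sample_maillog() {
    cat <<'EOF'
Nov  8 14:40:01 mx sendmail[101]: kA8Je1aa000101: <bogus@ice-nine.org>... User unknown
Nov  8 14:40:02 mx sendmail[102]: kA8Je2aa000102: <Bogus@ICE-NINE.org>... User unknown
Nov  8 14:40:03 mx sendmail[103]: kA8Je3aa000103: <sales@nodeless.net>... User unknown
Nov  8 14:40:04 mx sendmail[104]: kA8Je4aa000104: <x@example.com>... User unknown
Nov  8 14:40:05 mx sendmail[105]: kA8Je5aa000105: <*@ice-nine.org>... User unknown
Nov  8 14:40:06 mx sendmail[106]: kA8Je6aa000106: <real@nodeless.net>... Relaying denied
EOF
}

# trap_candidates DOMAINS_ERE
# stdin: maillog lines; stdout: unique lowercase addresses, one per line.
# DOMAINS_ERE is an ERE alternation of the local domains, dots escaped.
trap_candidates() {
    # Anchor on the whole "<addr>... User unknown" tail instead of a field
    # number, so odd spacing earlier in the line cannot shift the match.
    sed -n 's/^.*: <\([^<> ]*\)>\.\.\. User unknown$/\1/p' \
    | tr '[:upper:]' '[:lower:]' \
    | grep -E "^[a-z0-9._+-]+@($1)\$" \
    | sort -u
}

# Print (do not run) the spamdb calls. Reading one address per line means
# no word splitting or globbing is ever applied to log-derived text.
trap_commands() {
    while IFS= read -r addr; do
        printf 'spamdb -Ta "<%s>"\n' "$addr"
    done
}

sample_maillog | trap_candidates 'ice-nine\.org|nodeless\.net' | trap_commands
```

Of the six sample lines only two addresses survive: the case variant collapses into one entry, and the foreign domain, the `*` local part and the "Relaying denied" line are dropped.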